package com.gistone.commis.spring;


import com.gistone.commis.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.header.HeaderWriter;
import org.springframework.security.web.header.writers.CacheControlHeadersWriter;
import org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter;
import org.springframework.security.web.savedrequest.NullRequestCache;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Collection;

/**
 * Created by wangfan
 */

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfigure extends WebSecurityConfigurerAdapter {

    @Autowired
    UserService userService;
    @Autowired
    CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;


    @Autowired
    AuthFailureHandler authFailureHandler;

    @Autowired
    AuthSuccessHandler authSuccessHandler;
    @Bean
    PasswordEncoder getPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }



//    @Autowired
//    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
//        authenticationManagerBuilder.userDetailsService(userService).passwordEncoder(getPasswordEncoder()).and();
//        authenticationManagerBuilder.eraseCredentials(false);
//    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/META-INF/resources/**");
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(getPasswordEncoder())
                .and();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().sameOrigin();//frame页面的地址只能为同源域名下的页面
//
//        http.sessionManagement()
//                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
//        http
//                .headers().disable();
//        http.requestCache().requestCache(new NullRequestCache());
//        http.headers().cacheControl().disable();

    /*    RequestMatcher notResourcesMatcher =
                new NegatedRequestMatcher(new AntPathRequestMatcher("/resources/**"));
        HeaderWriter notResourcesHeaderWriter =
                new DelegatingRequestMatcherHeaderWriter(notResourcesMatcher ,
                        new CacheControlHeadersWriter());
        http
                .headers()
                .cacheControl().disable()
                .addHeaderWriter(notResourcesHeaderWriter);*/

        http.authorizeRequests()

                .antMatchers("/dba/**").hasAuthority("ROLE_DBA")
                .antMatchers("/admin/**").hasAnyAuthority("ROLE_ADMIN","ROLE_DBA")
//                .antMatchers("/user/**").hasAnyAuthority("ROLE_ADMIN","ROLE_USER","ROLE_DBA")
//                .antMatchers("/api/**").hasAnyAuthority("ROLE_ADMIN","ROLE_USER","ROLE_DBA")
                .antMatchers("/**").permitAll()
                .and()
                .formLogin()
                .usernameParameter("username")
                .passwordParameter("password")
//                .failureHandler(authFailureHandler)
//                .successHandler(authSuccessHandler)
                .loginPage("/loginPage")
                .permitAll()
                .and().csrf().disable();
        http.logout().logoutSuccessUrl("/").invalidateHttpSession(true).deleteCookies();
    }

}
